918 Views 8 Replies Latest reply: Jun 24, 2013 12:26 PM by Regis
adpspt Newcomer 8 posts since
Jun 17, 2013
Jun 17, 2013 6:52 AM

Problem with Device Control on virtual machines connected via zeroclient

Hello,

We are using DLP 9.1 with EPO 4.5 and have the problem that USB sticks registered in DLP by serial number are not working through a zero client on a virtual machine.

We have configured rules in DLP Device Control so that it is only allowed to use USB sticks which are content encrypted and whose serial number is registered in DLP.

This is working fine on normal physical laptops, but if I use the same USB stick on my zero client, which has a virtual VMware machine, then the stick always gets blocked.
I also tried to register the stick not by serial number but by VID and PID, but this has the same result: the stick gets blocked.


If I disable all rules in Device Control, the stick gets mapped from the zero client to the virtual machine without a problem.
Can you help us, or is there any well-known practice for using Device Control with virtual machines?

Best regards

  • SafeBoot Group Leader 8,596 posts since
    Oct 28, 2008

    I don't think this will work - the host OS that has DLP installed never gets to see the stick in the VM - the VMWare driver is connecting the guest OS directly to the hardware.


    Heisenberg is pulled over for speeding: “Do you know how fast you were going?” the police officer asks, incredulously. “No,” replies Heisenberg, “but I know exactly where I am!”
    Personal Blog : http://mcaf.ee/simon | Corporate Blog : http://SIBlog.mcafee.com | Create your own safe, short URL's - http://mcaf.ee

  • virgona Newcomer 27 posts since
    Apr 14, 2013

    Add a new "Removable Storage Device Rule" with USB bus checked and Device Definition checked, and enable the "monitor" action. Plug your USB stick in and make sure your VM finds it, then go to DLP Monitor to check the device details from the event detected.

    Maybe the mapped USB device is not quite the same as the physical one; find the similarities between the two, then define the block rule.

  • virgona Newcomer 27 posts since
    Apr 14, 2013

    Make sure the status of the Device Class is Managed.

    And I suggest you just use the info listed in DLP Monitor, because we cannot know the exact values of non-listed parameters. For your case, try "Device name" and/or "Device Instance ID".

    Don't get hung up on the missing SN on the VM or other missing values; it should be because VMware does not transfer the parameters, or McAfee DLP does not detect them.

  • Regis Champion 457 posts since
    Oct 6, 2010

    I've seen this as well with WYSE terminals connecting to VMware vSphere virtual infrastructure.

    In the cases where no serial is being sent, I have had to whitelist or do policy based on Instance IDs instead. It's a pain.
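
The comparison suggested in the replies above, as an added example that is not part of the original thread and is not McAfee code: it parses two "Device Instance ID" strings (one noted on a physical laptop, one inside the VM) and reports which fields a device definition can key on. Both sample IDs are constructed, the function names are hypothetical, and the serial check relies on the Windows convention that an instance part whose second character is `&` was generated by the system because no serial number was reported.

```python
import re

# Windows USB device instance ID layout: USB\VID_xxxx&PID_xxxx\<instance part>
USB_ID = re.compile(
    r"^USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&[^\\]*)?\\(?P<inst>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed samples standing in for values copied from DLP Monitor events.
PHYSICAL_ID = r"USB\VID_0781&PID_5567\4C530001234567890123"
VIRTUAL_ID = r"USB\VID_0781&PID_5567\6&2A1B3C4D&0&2"


def parse_instance_id(instance_id):
    """Split a USB device instance ID into VID, PID, instance part and serial."""
    m = USB_ID.match(instance_id.strip())
    if m is None:
        raise ValueError("not a USB device instance ID: %r" % instance_id)
    inst = m.group("inst").upper()
    # '&' as second character: system-generated ID, so no serial was reported.
    generated = len(inst) > 1 and inst[1] == "&"
    return {
        "vid": m.group("vid").upper(),
        "pid": m.group("pid").upper(),
        "instance": inst,
        "serial": None if generated else inst,
    }


def rule_fields(physical_id, virtual_id):
    """List the fields a rule can use to recognise the stick inside the VM."""
    phys = parse_instance_id(physical_id)
    virt = parse_instance_id(virtual_id)
    fields = []
    if (phys["vid"], phys["pid"]) == (virt["vid"], virt["pid"]):
        fields.append("VID/PID")
    if virt["serial"] is not None and virt["serial"] == phys["serial"]:
        fields.append("serial number")
    else:
        # Serial missing or different in the guest: fall back to the instance ID.
        fields.append("Device Instance ID")
    return fields


if __name__ == "__main__":
    print(parse_instance_id(VIRTUAL_ID))
    print(rule_fields(PHYSICAL_ID, VIRTUAL_ID))
```
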
